Releases: ametel01/agentreceipt

v0.10.1

@github-actions github-actions released this 21 Jun 22:05

Fixed

  • Made the installer no-TTY fixture deterministic with an internal AGENTRECEIPT_TEST_NO_TTY=1 override and added fixture log output on failure.

v0.10.0

@github-actions github-actions released this 21 Jun 21:26

Added

  • Added Step 0 rollout tracking setup for the AgentReceipt skill installer rollout (PROGRESS.md) and initial changelog entry under Unreleased.
  • Added the repository-owned AgentReceipt coding-agent skill source at skills/agentreceipt/SKILL.md and release-script checks for required frontmatter/agent-facing references.
  • Added release packaging of agentreceipt-skill/SKILL.md into every archive via scripts/build-release-artifacts.sh, and expanded scripts/test-release-scripts.sh checks to verify the archived skill path and content.
  • Added noninteractive installer controls (--install-skill, --no-install-skill, --skill-dir) with env equivalents in scripts/install.sh, plus offline installer fixtures in scripts/test-release-scripts.sh for scripted install/no-install paths.
  • Added interactive Step 4 installer onboarding: /dev/tty prompt, no-TTY skip behavior, default root resolution (~/.agents/skills over ~/.claude/skills), explicit overwrite prompts, and expanded installer fixture coverage (no-tty skip, env-driven install, identical/different target handling).

Changed

  • Fully refreshed README.md for current agent-facing workflows, highlighting contract-first loop commands (sessions, focus, replay, schema, verify diff), installer option/env examples (--install-skill, --no-install-skill, --skill-dir, AGENTRECEIPT_INSTALL_SKILL, AGENTRECEIPT_SKILL_DIR), install archive contents, and explicit limitations around privacy, Codex-first capture, and non-policy enforcement.
  • Completed final rollout validation in Step 6 (scripts/test-release-scripts.sh) covering release archive parity, installer control fixtures, noninteractive skip/overwrite semantics, and archive-root consistency for final handoff.

Fixed

  • Fixed local scripts/install.sh skill installation against older release archives by extracting the binary independently and falling back to the checked-in skills/agentreceipt/SKILL.md when the archive does not yet include agentreceipt-skill/SKILL.md.
  • Fixed release-script archive assertions to avoid GNU tar "stdout: write error" failures under pipefail on Ubuntu CI.

v0.9.0

@github-actions github-actions released this 21 Jun 09:26

Added

  • Added plan-specific progress and changelog tracking for the AI agent command improvements work.
  • Added shared loop contract primitives for replay/focus, including structured reason_code fields, process_contract, and reviewability metadata.
  • Added ranked focus work queues with agent_tasks, recommended_next_commands, file classification buckets, and suppressed-change tracking for agent-friendly review loops.
  • Added compact replay indexes and query surfaces, including indexes, query, selected_events, selected_files, selected_evidence, and full-timeline --full output.
  • Changed replay/focus documentation and schema copies to explicitly carry the shared reviewability contract and match the current loop-facing CLI behavior.
  • Fixed evaluator loop signals so commit_count can be derived from git snapshot head changes and total_tokens prefers provider session token totals when available.
  • Added stop-time Codex command/token import for matching repository logs before receipt finalization, so plain agentreceipt start sessions can still capture provider command evidence when local Codex logs are available.

v0.7.0

@github-actions github-actions released this 21 Jun 01:53

Changed

  • Deepened event-log append handling behind a transaction interface so session start, stop, provider import, manual markers, and filesystem watcher appends share one locked replay-and-append path.
  • Deepened Provider Evidence handling behind a typed module so Codex and Claude adapters construct the shared event-log shape in one place, while review, session confidence, and watch token baselines read provider commands, results, risk signals, labels, and token totals through one interface.
  • Refactored replay-safe evidence extraction into internal/evidence so reviewer replay and future verifier-facing replay can reuse deterministic event-derived summary, confidence, risk, gaps, and timeline logic without invoking git commands.
  • Added artifact-only receipt verification in internal/receipt so bundle and local verification share a single artifact-hash/signature validation path while local checks continue to include workspace diff parity validation.
  • Documented the production replay evaluator contract in README and docs/replay-evaluator-contract.md, covering verification, trust, quality gates, policy checks, privacy, claims, and outcome semantics.

Added

  • Added evaluator-loop replay implementation tracking (PLAN.md Step 0).

  • Added local replay signer trust policy support (PLAN.md Step 2): configuration-level trust.trusted_signer_key_ids, agentreceipt replay --trusted-signer-key-id, and deterministic trust status reporting (trust_status, signer_trusted, policy_valid).

  • Added replay evaluator scoring signals (PLAN.md Step 4): additive evaluator_signals counters for command activity, risk-relevant command classes, and changed-file category signals (read_command_count, network_command_count, changed_test_file_count, and related fields).

  • Added replay quality gate evidence (PLAN.md Step 5): top-level quality_gates summarizing command-classified quality checks (format/lint/tests/race_tests/typecheck/security/coverage/build/smoke/verify), failed_command_details for failed commands with redacted outputs and evidence, and command metadata (cwd, time) for richer verifier context.

  • Added replay patch semantic summaries (PLAN.md Step 6): top-level patch_summary with category counts, additions/deletions, semantic changed-file entries, Go symbol hints, and test/production relationship signals for final patch review.

  • Added replay policy checks and review focus prompts (PLAN.md Step 7): top-level policy_checks with deterministic pass/fail/warn/not_applicable/unknown statuses, and review_focus prompts synthesized from verification gaps, quality gates, patch summary, policy checks, and failed commands.

  • Added replay privacy reporting, claim confidence, and outcome classification (PLAN.md Step 8): top-level privacy redaction metadata, claims for verification/authenticity/trust/gates/policies/outcome, and outcome states for completed, completed_with_gaps, failed, abandoned, committed, and needs_human_review sessions.

  • Added replay implementation progress tracking (PROGRESS.md) and committed the first planning-control milestone for verifier-facing replay work.

  • Added replay evaluator characterization coverage to ensure replay output does not leak raw provider risk_signals.

  • Added verifier-facing replay report construction in internal/replay, including command pairing, command risk mapping, evidence gaps, risk-to-evidence references, and artifact hash metadata.

  • Added agentreceipt replay CLI command to emit machine-readable verifier JSON with required --session validation and JSON output mode.

  • Added portable replay bundle generation for agentreceipt replay via --bundle, including required artifact packaging, normalized Codex trace copying, and replay.json manifest emission.

  • Added smoke-level replay coverage for agentreceipt replay JSON and bundle outputs, plus validation that replay requires --session and emits machine-readable output without raw provider logs.

  • Added replay workflow documentation updates in README and PRD/TECH_SPEC for verifier-only usage, artifact requirements, explicit-session behavior, and privacy constraints.

  • Added replay acceptance coverage in internal/replay for tampered events.jsonl, manifest.json, receipt.json, and final.patch to keep replay verification invalidation behavior explicit.

  • Added component-level replay verification fields in verifier output (event_chain_valid, final_patch_hash_valid, manifest_hash_valid, receipt_hash_valid) plus stable signature failure context (signature_error_code) for actionable replay review.

  • Added factual replay contract and smoke assertions clarifying that agentreceipt replay reports evidence facts only; no policy recommendations or scoring.

  • Split replay verification output into explicit integrity/authenticity and outcome verdict signals (integrity_valid, authenticity_valid, authenticity_status, overall_verdict, component_results) to support evaluator-safe consumption without overloading valid.

  • Hardened signer portability for replay verification by ensuring embedded public-key metadata is treated as the canonical path for signature checks and by codifying legacy behavior when signer material is missing (legacy_missing_embedded_signer).

  • Fixed filesystem watcher shutdown robustness so stale or already-exited watcher processes no longer produce "filesystem watcher did not stop cleanly".

v0.6.0

@github-actions github-actions released this 17 Jun 19:22

Added

  • Added agentreceipt sessions to list sessions available for the current repository.

Changed

  • Renamed the JSON event-log viewer command from agentreceipt live to agentreceipt events; live remains as a hidden deprecated alias for compatibility.
  • Changed agentreceipt events to render a colorized readable timeline by default, with --format json for indented JSON and --format jsonl for compact JSON lines.
  • Documented the current visible command surface in the README, including utility commands such as version, completion, and help.

v0.5.0

@github-actions github-actions released this 17 Jun 09:45

Changed

  • Improved receipt Markdown export readability with colorized terminal output for human-facing exports, concise risk bullets, capped risk lists, and dynamic rendering from signed receipt JSON instead of stale cached Markdown.
  • Replaced generic risky_command review reasons with specific command-risk codes such as command_risk_network_egress, command_risk_git_mutation, and command_risk_destructive_filesystem.

Fixed

  • Reduced command-risk false positives by ignoring quoted search patterns such as rg "curl|wget|token" when classifying executable commands.
  • Normalized legacy receipt Markdown output so previously finalized receipts with stored risky_command or stale provider-risk reasons render with current classifier labels without mutating signed JSON.

v0.4.2

@github-actions github-actions released this 17 Jun 06:26

Fixed

  • Rejected unknown top-level receipt JSON fields during local and bundle verification so unsigned receipt content cannot pass as authenticated.
  • Recorded the actual detected provider label in signed receipts instead of hard-coding Codex.
  • Recognized make verify as default test evidence in review command detection.
  • Detected review git bases from configured upstreams, origin/HEAD, and non-main default branch names such as trunk and develop.
  • Limited missing-test review prompts to sessions with code file changes, avoiding docs-only noise.

v0.4.1

@github-actions github-actions released this 17 Jun 05:39

Changed

  • Improved the curl installer output with a clear AGENT RECEIPT ASCII banner and step-by-step progress bar while preserving checksum failure diagnostics.

v0.4.0

@github-actions github-actions released this 17 Jun 05:27

Added

  • Added Claude hook MVP support with dry-run hook installation, guarded settings merges, active-session hook ingestion, and provider-neutral review confidence.

Fixed

  • Serialized AgentReceipt event-log appenders so concurrent provider, marker, and filesystem watcher writes preserve a replayable hash chain.
  • Enforced Codex provider privacy defaults so normalized events omit prompt text and raw tool output unless config explicitly opts in.
  • Carried Codex provider risk signals into final review and receipt risk reasons.
  • Applied explicit review config to quality-command detection and dependency, auth, secret-path, test, and typecheck policy decisions.
  • Validated filesystem watcher identity before the stop fallback signals a recorded PID.
  • Implemented read-only install codex detection for local Codex log availability.
  • Added verify bundle for local CI-style verification of portable AgentReceipt artifact bundles.

v0.3.0

@github-actions github-actions released this 17 Jun 01:43

Added

  • Added a Claude provider design covering hook event normalization, storage and privacy behavior, install command requirements, and MVP acceptance criteria.
  • Added a GitHub PR workflow design covering local-only PR comments, future CI-assisted receipt checks, artifact contracts, and deterministic policy boundaries.

Fixed

  • Fixed session filesystem capture so agentreceipt start launches a durable watcher sidecar, records fs.change events while active, and flushes watcher evidence before stop finalizes the receipt.
  • Fixed review summaries so Codex command results update detected command status to success or failed when matching result evidence is present, while attempt-only commands remain unknown.
  • Fixed review flag behavior by making review --codex-jsonl import a Codex trace into the active session before review and removing inactive --full and --provider flags.
  • Fixed receipt verification portability by embedding the signer public key and key ID in new receipts while preserving legacy local-key verification.
  • Fixed Codex watch tailing so large appended logs are read in bounded chunks while preserving complete-line offsets and partial-line safety.
  • Fixed confidence reporting so Codex parse-warning-only evidence does not count as imported provider tool evidence.